31May, 2020

GoHacking Demo

Security | Jorge Orchilles | May 31, 2020 | 0 comment

I was invited to speak at Go Hacking, a Brazilian cyber security community and training provider. If you have never heard of them, check out the great content on their YouTube page. Given their recent training on Command and Control, I did a talk and demonstration on performing a high-value adversary emulation. I used MITRE ATT&CK for obtaining Cyber Threat Intelligence on APT19. Then I leveraged VECTR to create an adversary emulation plan. Lastly, I used Empire3 with Starkiller, a free command and control framework, and then SCYTHE, an enterprise grade command and control framework to perform the adversary emulation.

READ MORE
30May, 2020

CredGuard + VMware + Windows10

Security | Jorge Orchilles | May 30, 2020 | 0 comment

Credential Guard + VMware + Windows 10 Vmware Workstation 15.5.5 now has support for Credential Guard enabled on the latest Windows 10 (Windows 10 20H1 build 19041.264 or newer)! This is big news for enterprises and individual users given the security controls we had to disable to be able to run virtual machines on our […]

READ MORE
25May, 2020

New website

Security | Jorge Orchilles | May 25, 2020 | 0 comment

New website, who dis? Welcome to my new website! I hope to use this site much more than in the previous 10 years as I am now in a new, innovative, and community driven company: SCYTHE.  This is my personal site so I plan to use it to share the events I will be attending. As you know, […]

READ MORE
24May, 2020

Purple Is The New Red… Teaming

Podcast | Jorge Orchilles | May 24, 2020 | 0 comment

Had a great time catching up with Robert Rounsavall from Trapezoid on his podcast SYN-ACK FIN-ACK. We covered quiet a bit, here are some highlights: How I got into IT 3 years at Terremark Shifting to Information Security Working in Terremark’s SOC and the July 4, 2009 DDOS (https://en.wikipedia.org/wiki/July_2009_cyberattacks), Cloud Security pilot for USG/GSA, Meeting […]

READ MORE
23May, 2020

Red Team Mayhem

Training | Jorge Orchilles | May 23, 2020 | 0 comment

Red Team Village Mayhem Presentation If you know me, you know I’ve always wanted to speak at Blackhat and DEF CON. This year will be different with DEF CON in Safe Mode  but since I submitted talks, the folks at Red Team Village reached out to see if I would present at Red Team Mayhem […]

READ MORE
22May, 2020

A Day in the Life of a Penetration Tester

Podcast | Jorge Orchilles | May 22, 2020 | 0 comment

Some of you may be wondering, at the primary level, what role a penetration tester—aka, a “pentester”—plays in the grand scheme of information security; what do these folks do on a day-to-day basis that makes the job so important and so cool? Others may have already done some research on the role, understanding what’s involved, […]

READ MORE
21May, 2020

Simply Cyber Interview

Podcast | Jorge Orchilles | May 21, 2020 | 0 comment

I met Gerald Auger at GRIMMCon as we were both volunteering to run the free, virtual conference. We spent some time chatting about various things and he invited me on his project Simply Cyber.

In this video, I interview Jorge Orchilles on a variety of cybersecurity topics rooted in his experience. Grab a cup a coffee and settle in, as Jorge takes us through the challenges and benefits of working in the financial services sector, how to get started in cybersecurity how cloud computing has evolved, and the developing state of red, blue, and purple teams.
Hope you enjoy!

READ MORE
07Jan, 2014

Missing Security Features in Windows Phone 8

Mobile‚ Security‚ WP8 | Jorge Orchilles | January 7, 2014 | 0 comment

As I have spent some time researching and developing a WP8 application security testing methodology and process, I have come up with three key security features that are missing from Microsoft’s Windows Phone 8. From an offensive security perspective, these feature are good to have for testing but from an end user perspective, they are […]

READ MORE
Twitter Linkedin Youtube